From: Steve Dickson <SteveD@redhat.com>
To: Olaf Kirch <olaf.kirch@Oracle.com>
Cc: =?ISO-8859-1?Q?Javier_Fern=E1ndez-Sanguino_?=@sc8-sf-spam2.sourceforge.net,
"Neil Brown" <neilb@suse.de>,
"Matthias Koenig" <mkoenig@novell.com>,
nfs@lists.sourceforge.net, Peña <jfs@computer.org>,
"Tony Reix" <tony.reix@bull.net>,
anibal@debian.org
Subject: Re: Portmap - was Re: Does mountd/statd really need to listen on a privileged port??
Date: Tue, 24 Apr 2007 11:10:23 -0400 [thread overview]
Message-ID: <462E1DDF.5060203@RedHat.com> (raw)
In-Reply-To: <200704240908.39672.olaf.kirch@oracle.com>
Olaf Kirch wrote:
> On Tuesday 24 April 2007 01:09, Neil Brown wrote:
>> Is there someone "maintaining" rpcbind? Should there be?
>> I notice there is an rpcbind at Wietse Venema's site:
>> ftp://ftp.porcupine.org/pub/security/index.html
>>
>> Is this rpcbind derived from that?
>
> Bull maintains a copy of rpcbind alongside their tirpc code.
> I think both Wietse's and Bull's rpcbind implementation derive
> from the TI-RPC code released by Sun some time during the
> last millenium.
>
> Personally, I'm very wary of the tirpc code. I think it needs a haircut
> and a thorough security audit before it can go into distributions.
I agree the code is a bit rough at this point... and care should be
taken with who and how the code is used at this point, which is
the reason only rpcbind is using the library and rpcbind is not
running as root... but... I do think correct way to go in
the supporting of IPv6 and other well established features.
> I did a very quick comparison of the tirpc code vs glibc, and
> I think there's a potential buffer overflow if a rogue rpcbind server
> replies with a string length of 0xffffffff.
>
> The rpcb_clnt.c functions use xdr_wrapstring, which
> gives a max string size of MAX_UNSIGNED, so a string
> length of 0xffffffff would be acceptable. The subsequent malloc
> would allocate a buffer of length 0 however. Depending on
> how you link your binary, malloc may return NULL in that case
> (simple segfault), or a very small buffer - and the moment you
> start copying to that, you will corrupt the heap. This is fixed
> in glibc, but still exists in tirpc. A security audit may turn up
> more.
Yes... there is a ton of wisdom we can pull from the glibc code
to make this code better... and since the glibc people are for
this movement (i.e. moving away from the glibc RPC code) I'm
hoping they will be willing to help us out in this effort...
>
> Apart from these concerns, the coding style is abominable - K&R
> almost everywhere; there's still a bunch of u_long's in
> the code which makes it non-64bit-clean, and there's
> crap like
>
> clnt_st = CLNT_CALL(client, (rpcproc_t)RPCBPROC_GETADDR,
> (xdrproc_t) xdr_rpcb, (char *)(void *)&parms,
> (xdrproc_t) xdr_wrapstring, (char *)(void *) &ua, *tp);
>
> Those casts aren't just plain ugly, they're utterly useless too, since
> the pointer arguments to cl_call are void *.
Yes the coding style a bit challenging.... but again this is something
that is definitely fixable over time...
Are there any tools out there that might help with the cleaning up
of this code?
steved.
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
next prev parent reply other threads:[~2007-04-24 15:10 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-12 22:05 Does mountd/statd really need to listen on a privileged port?? Neil Brown
2007-04-13 0:05 ` Trond Myklebust
2007-04-16 1:03 ` Neil Brown
2007-04-13 0:55 ` Mike Frysinger
2007-04-13 1:09 ` Mike Frysinger
2007-04-13 1:39 ` Neil Brown
2007-04-13 2:04 ` Mike Frysinger
2007-04-17 10:14 ` Olaf Kirch
2007-04-17 11:12 ` Mike Frysinger
2007-04-16 18:13 ` Steve Dickson
2007-04-17 10:08 ` Olaf Kirch
2007-04-17 11:21 ` Mike Frysinger
2007-04-17 11:32 ` Olaf Kirch
2007-04-18 7:14 ` Neil Brown
2007-04-19 0:46 ` Neil Brown
2007-04-19 1:21 ` Javier Fernández-Sanguino Peña
2007-04-20 3:04 ` Portmap - was " Neil Brown
2007-04-20 6:49 ` Olaf Kirch
2007-04-20 8:02 ` Neil Brown
2007-04-20 13:27 ` Olaf Kirch
2007-04-20 19:18 ` Steve Dickson
2007-04-23 4:03 ` Neil Brown
2007-04-23 6:31 ` Neil Brown
2007-04-23 13:43 ` Steve Dickson
2007-04-24 0:56 ` Neil Brown
2007-04-24 17:13 ` Steve Dickson
2007-04-23 13:28 ` Steve Dickson
2007-04-23 23:09 ` Neil Brown
2007-04-24 6:43 ` Olaf Kirch
2007-04-24 7:24 ` Neil Brown
2007-04-24 15:15 ` Talpey, Thomas
2007-04-24 15:31 ` Talpey, Thomas
2007-04-24 7:08 ` Olaf Kirch
2007-04-24 15:10 ` Steve Dickson [this message]
2007-04-24 16:10 ` Christoph Hellwig
2007-04-24 17:04 ` Steve Dickson
2007-04-24 17:17 ` Christoph Hellwig
2007-04-24 17:52 ` Steve Dickson
2007-04-24 19:09 ` Peter Åstrand
2007-04-24 20:26 ` Steve Dickson
2007-04-24 20:36 ` Peter Staubach
2007-04-25 11:56 ` Olaf Kirch
2007-04-25 15:44 ` Peter Staubach
2007-04-25 20:14 ` Olaf Kirch
2007-04-26 6:32 ` Neil Brown
2007-04-26 8:59 ` Olaf Kirch
2007-04-26 13:03 ` Peter Staubach
2007-05-02 4:22 ` Ian Kent
2007-04-27 15:07 ` Olaf Kirch
2007-04-27 15:18 ` Christoph Hellwig
2007-04-27 17:07 ` Olaf Kirch
2007-04-29 23:32 ` Steve Dickson
2007-04-26 7:52 ` Aurélien Charbon
2007-04-25 8:57 ` Peter Åstrand
2007-04-25 8:56 ` Olaf Kirch
2007-04-25 9:58 ` Christoph Hellwig
2007-04-25 13:22 ` Steve Dickson
2007-04-25 14:10 ` Olaf Kirch
2007-04-25 14:42 ` Christoph Hellwig
2007-04-26 14:30 ` Peter Åstrand
2007-04-25 14:37 ` Christoph Hellwig
2007-04-25 13:39 ` Steve Dickson
2007-04-26 22:22 ` Steve Dickson
2007-04-27 2:22 ` J. Bruce Fields
2007-04-27 6:20 ` Olaf Kirch
2007-04-27 14:01 ` Peter Staubach
2007-04-27 14:09 ` Christoph Hellwig
2007-04-27 14:21 ` Peter Staubach
2007-04-27 14:37 ` Christoph Hellwig
2007-04-29 23:39 ` Steve Dickson
2007-04-27 16:49 ` Olaf Kirch
2007-04-27 17:06 ` Peter Staubach
2007-04-27 17:04 ` Olaf Kirch
2007-04-27 17:34 ` Peter Staubach
2007-05-04 18:52 ` Steve Dickson
2007-04-24 14:38 ` Steve Dickson
2007-04-19 15:15 ` Steve Dickson
2007-04-19 15:21 ` J. Bruce Fields
2007-04-19 15:42 ` Steve Dickson
2007-04-19 15:50 ` J. Bruce Fields
2007-04-19 16:36 ` Steve Dickson
2007-04-19 22:50 ` Anibal Monsalve Salazar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=462E1DDF.5060203@RedHat.com \
--to=steved@redhat.com \
--cc==?ISO-8859-1?Q?Javier_Fern=E1ndez-Sanguino_?=@sc8-sf-spam2.sourceforge.net \
--cc=anibal@debian.org \
--cc=jfs@computer.org \
--cc=mkoenig@novell.com \
--cc=neilb@suse.de \
--cc=nfs@lists.sourceforge.net \
--cc=olaf.kirch@Oracle.com \
--cc=tony.reix@bull.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.